04d899cdcc42b9ff25e18c4f1fe16e2a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

04d899cdcc42b9ff25e18c4f1fe16e2a_JaffaCakes118
Size

23KB
MD5

04d899cdcc42b9ff25e18c4f1fe16e2a
SHA1

09c7462eaf18b271d0cc18a55036cbc308d7758e
SHA256

9a5042f5d9cd86600d23fb7bbcea3aa7b71b24d6a8183c6e67d188c04fc14be1
SHA512

f4eb802e119329c093a9e782b2ef7a31d1e68a136f47d71f7f5807c1672731872b4726e58d589e2377a14d0915e71852ce1828c9bbbb43b2c49c1e1a999eed9b
SSDEEP

384:WHcWiNAEkl6hQSM5YZncVn+30RbVdE9+e+l5lqC631/hiw:WHcWcSNAZcV+4pe9+b5HqR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04d899cdcc42b9ff25e18c4f1fe16e2a_JaffaCakes118

Files

04d899cdcc42b9ff25e18c4f1fe16e2a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d3591a9c013cdf950152cee9831c4067

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempPathA
GetFileAttributesW
ReadProcessMemory
VirtualQueryEx
WideCharToMultiByte
ReadFile
GetFileSize
CreateFileA
SetFilePointer
OutputDebugStringA
HeapAlloc
GetProcessHeap
GetWindowsDirectoryA
GetProcAddress
DeleteFileA
GetModuleHandleA
FindClose
FindFirstFileA
FreeLibrary
GetModuleFileNameA
Sleep
CloseHandle
EnterCriticalSection
LeaveCriticalSection
OpenProcess
TerminateProcess
GetCurrentProcess
InitializeCriticalSection
LoadLibraryA

user32

GetDC
GetWindowRect
wsprintfA
GetWindowTextA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetClassNameW
GetWindow
FindWindowA

msvcrt

_strupr
_strcmpi
free
strcpy
memset
malloc
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
fclose
ftell
fseek
fopen
mbstowcs
strlen
_except_handler3
strncpy
strchr
rand
srand
time
wcslen
strstr
wcsncat
wcscpy
wcsstr
exit
printf
sprintf
memcpy
strrchr
_local_unwind2
tolower
_vsnprintf

wininet

InternetCloseHandle

iphlpapi

GetAdaptersInfo

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
DeleteObject

Exports

Exports

Install
Uninstall

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3591a9c013cdf950152cee9831c4067

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

wininet

iphlpapi

gdi32

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 2KB

shared Size: 512B - Virtual size: 4B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 2KB

shared
Size: 512B - Virtual size: 4B

.reloc
Size: 2KB - Virtual size: 1KB